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(57) Abstract 

A cryptographic certificate attesting to the authenticity of the original 
document elements will lose its validity when the cryptographic function 
underlying the certifying scheme is compromised. Toe present invention 
extends the reliability of such a certificate by subjecting the combination 
of the original certificate and the digital representation of the document to 
a scheme based on a less vulnerable function using the steps of: obtaining 
the original document (11); applying the function to the document to 
create the original certificate (13); combining the original document and 
the certificate (15); and, applying another function to the combination to 
create an extended certificate (17). 
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METHOD OF EXTENDING THE VALIDITY 
OF A CRYPTOGRAPHIC CERTIFICATE 

5 

BACKGROU ND OF THE INVENTION 

This invention relates to methods for certifying or 
10 validating the existence or occurrence of a recorded document 
or event, particularly methods which rely upon cryptographic 
assumptions to establish the basis for such a certification or 
validation. More specifically, the invention relates to a*' 
method for reconfirming an original certificate in order to 
15 maintain its validity for a significant period of time beyond 
the probable compromise of an underlying cryptographic* 
assumption or step in the original certification procedure. 

Time-stamping procedures described in U.S. Patent Nos . 

20 5, 136, 646' and 5,136,647 are representative of a type of 

certification " for which the present method is adapted. Such 
schemes for setting a reliable time of creation of a document, 
or providing indisputable evidence' against the alteration of a 
document, generally digital computer data in alphanumeric, 

25 pictorial, video, or. audio form, depend upon the assumption 

that there exist cryptographic functions which, when applied to 
a digital representation of such a document, defy any manner of 
manipulation which might permit undetectable alterations or 
falsifications of the original state of document elements. The 

30 functional procedures generally exemplified in those 

disclosures typically provide this required property, since 
they generate unique certificate statements which essentially 
can not be duplicated other than from an identical document 
representation . This security arises from the fact that the 

35 derivation or reconstruction of these functions from the 

products of their application is computationally infeasible. 
Ultimate achievement of such derivations must be anticipated, 
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however, since a given function or procedure may be fatally 
flawed or, as is becoming more probable, advancements in • 
computer technology and algorithmic techniques are likely to 
make more readily available a level of calculating power which 
5 enables such derivation. 

With compromise of a step or algorithm in a procedural 
certification function, the possibility arises of generating 
duplicate certificates or parts thereof from different digital 

10 representations, i.e., creating "collisions",, and thereby 

defeating the previously reliable basis for a certification 
scheme. Substitution of a newer and presumably less vulnerable 
function m the certification procedure . may prevent for some 
finite time the compromise of future certificates', but the 

15 value of past certificates in establishing original creation 
dates,. for example, is all but lost. -The present invention, 
however, provides a means for bridging the technological gap 
and extending into the era of a newer function or procedure the 
validity of the original certification. 

20 

SUMMARY OF THE INVENTION . 



25 Historically, there has usually been an overlap period 

between the time spans of reliability of an established 
cryptographic function and one which has been newly implemented 
with improved resistance to compromise. As computational power 
increases and algorithmic techniques improve,, the evolution and 
■30 phasing of cryptographic certification procedures or functions, 
for example, can generally be foreseen. It is possible, 
. therefore, to anticipate the final stages of reliability 
' provided by an existing certification scheme and to initiate a 
procedure, such as provided by the present invention, to ensure 
35 the continuity of original certificate validity. 

In essence, this invention entails generating from the 
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original document a new document certificate during the viable 
term of the original certification scheme, such as .may be ^a"sed 
upon a cryptographic signature key procedure or a time-stamping 
procedure. This new certification process comprises applying a 
5 different cryptographic function, e.g., a time-stamping 

procedure, to a combination including the original certificate 
and the original digital document from which the certificate 
was derived. Such a different function is preferably a new and 
presumably more reliable algorithm or procedure, or at least 

10 one upon which the original certification did not rely. The 
resulting certificate, generated by means of a function or 
procedure having a significant expected remaining term of 
reliability, now implacably embodies' the original certificate 
elements at a time. prior to' any likely compromise of the 

15 original certification function. Since these original elements 
have as yet been exposed to no threat of compromise and are now 
bound by the new time stamp within the protective cloak of a far 
more relatively invulnerable certification function, their 
original, veracity has been extended for at least the reliable 

2 0 term of this new function. 

BRIEF DESCRIPTIO N OF THE DRAWING 

25 

, The present invention will be described with reference to 
.the accompanying drawing of which: 

FIG. 1 presents a flow chart of steps embodying a general 

3 0 procedure implementing the certificate extension process of the 

invention; and 

FIG. 2 presents a flow chart of steps embodying a 
rudimentary time-stamping procedure implementing the . 
3 5 certificate extension process of the invention. 
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DESCRIPTION OF THE INVENTION 

The extension procedure of the present invention is 
5, applicable to any manner of certificate digitally derived by 
cryptographic means. For instance, the process may be used to 
support the veracity of a document transmittal originally 
certified with a cryptographic key signature algorithm or 
function beyond a time when that function might be compromised, 

10 whether due to misappropriation of a secret key or to advances 
in computer technology and algorithmic techniques. A digital 
time-stamp certificate .could similarly benefit by application 
of the invention to prevent its coming into question after 
compromise of the scheme or function underlying the time- 

15 stamping procedure. In general, the process of the invention is 
useful to ensure the continued viability of any certificate - 
produced by a digital scheme or function" which is capable of 
compromise. 

20 The steps comprising a basic application of the 

certificate extension process are shown in FIG. 1. .There, 
initial steps 11, 13 are intended to depict any certification 
procedure, such as a signature scheme or time-stamping process, 
in which a digital document, D^, e.g., a body of text or 

25 alphanumeric representations, a picture, an audio recording, or 
the like, is subjected to a cryptographic scheme or procedure, 
generally a "function", F 1# to "produce a certificate, C x , which 
will serve later as evidence of the original existence and 
substance of D x . The value of certificate, C lt will persist, 

30 however, only until a compromise of the certification function, 
as a whole or in a component step or algorithm, since, as a 
result ' of . such a compromise, the certificate might thereafter 
be duplicated by an imposter or through the use of a counterfeit 
document . 

35 

The basic steps of the invention are therefore effected 
prior to any such compromise, as projected, for example, on the 
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basis of the current state of computational technology, and 
comprise combining, at 15, the original document, D, with the 
original certificate, C 1; and applying to that combination, at 
17, a different and presumably more secure scheme or function to 
5 obtain a new certificate/ C 2 , which will later attest to the 
validity of original certificate, C lf at a time when its 
generating function, F x , was as yet uncompromised and secure. 
The essential element' of this process resides in the 
application of the new certification function to the 

10 conjunction of original document, D, with original certificate, 
C lf This step avoids the error inherent in the naive and 
ineffectual procedure of merely recertifying either the 
original certificate or the original document alone; namely, 
that of perpetuating a compromise which reflects directly upon 

15 the veracity. of the original document, D. 

As an example, one might consider application of the 
present invention to extend the valid lifetime of a digitally 
signed document where," in keeping with usual practices, a 

20 digital signature, a, is derived by application of some 

cryptographic signature scheme to a document, D. To avoid 
invalidation of such a signed document by subsequent compromise 
of the scheme, for instance, due to misappropriation of a user's 
private key, the pre- compromise generation of a certificate, C, 

25 by application of a time- stamp function, T, to a combination of 
the . signature and the" document : 

C = T(a,D) 

will provide continuing proof that the signature was created 
30 prior to the compromise, i.e., at a time when only a legitimate 
user could have produced it. Such a certificate might also be 
used to establish original authorship of the document. 

The invention is broadly useful, as well, as a means of 
35 extending or "renewing" time-stamp certificates, generally, For 
example, a simple scheme for certifying an event, such as time- 
stamping the creation of a document, comprises establishing a 
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digital representation of the document content, adding data 
denoting current time, and permanently fixing the resulting 
digital statement against subsequent revision, all under 
trustworthy circumstances, to yield a certificate which will 
5 provide irrefutable evidence of the event at a later time. Means 
for ensuring the original veracity of the certificate have been 
described in our earlier-noted patent specifications as 
including use of trusted outside agencies, arbitrary selection 
of agencies, linking- of certificates in temporal chains, and 
10 similar practices which remove substantially all influence a 
document author might have upon the certification process. 
Other methods of establishing the authenticity of original 
certification procedures might also include private, and public 
key cryptographic communications. 

15 

Common to certification procedures is the application of 
some manner of cryptographic function by which the document, 
related identifying data, or digital' representations of these 
elements may be algorithmically reduced to a unique statement 

2 0 or cipher which can not feasibly be duplicated from different 
representative elements by computational means . Any .of the 
general class of one-way hashing algorithms, for example, may. 
be used in such a procedure or function applied to a digital 
representation of a time-receipted document to produce an 

25 inimitable certificate, usually in the form of a cryptic string 
of alphanumeric characters, which can only be generated by such 
an application of that same function to exactly that digital 
representation. The additional characteristic property of the 
one-way function is that of possessing such mathematical 

30 complexity as to discourage the computational derivation or 

reconstruction of the original digital representation from the 
resultant certificate, as well as to discourage the generation 
of a matching certificate from a different representation. 

35 A simple certification procedure utilizing such a one-way 

hashing algorithm is represented in FIG. 2 at steps 21-23. 
There, digital document, D 1# of step 21 is identified , e.g., 
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annotated with author data, to yield a receipt, R 1# that, in a 
rudimentary procedure which may be simply stated as: 

C x = FxtHitRi) ) 

5 is in turn reduced at step 23 to a certificate, C^, by 

application of a time-stamping function; F x , comprising a 
current hash algorithm, % . 

As a result of computational or algorithmic developments 
10 over time, or in the event of a flaw in the function itself, 
hash, H lt may become compromised with the result that a 
falsified receipt, R x , could produce a duplicate, or 
"collision", certificate', C^. The veracity of original 
certificate, C lf and its value as probative evidence of the 
15 contents of document, D, and other elements of receipt, R x , 

would thus be destroyed, since there would no longer exist a 
singular certificate cipher that could be traced solely to the 
original document and its once-unique receipt, R x . 

20 Advent of the collision need not denigrate the worth of 

the initial certificate back to- the time of its creation, 
however, but only for the period subsequent to the .compromise . 

■ The value of the certificate during its earlier term could be 
preserved and extended into the future if means were available 

25 to link into a time prior to such compromise with a trustworthy 
scheme for deriving a new certificate at ' least as unique and 
intractable as was the initial certificate. The problem, 
therefore, has been to " recertify ". the original certificate in 
a manner which would verify the facts that had been securely 

30 bound into that certificate until the first collision occurred. 

A naive solution to this problem would appear to be just 

■ that simple; that is, to recertify the original certificate, 
for example by applying a new and more robust hash, H 2 - The 

3 5 fallacy in this approach becomes apparent, however/ when one 
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considers that after the instance of a collision the condition 
exists where: 

5 The hashing of certificate, C lt with a new function, H 2 , would 
therefore not produce a renewal certificate cipher, C 2 , unique 
only to receipt, R lt since: 

C 2 = H 2 (C!) = HatHitRi)) = H 2 (H 1 (R X )') 

10 and, thus, there is no reliable distinction between those 
resulting certificates. 

The present invention, however, does provide such a' 
unique certificate which serves .to extend the veracity of an 

15 original certificate beyond subsequent compromise of the 

original, function or algorithm. This is accomplished, as in the 
representative- of FIG . ■ 2 , by combining, at step 25, the original 
certificate, C 2 , with the original document, D x , from which it 
was generated and which is to be later proven, and applying to 

20 that composite statement, at step 27, a different certification 
function, F 2 , e.g., comprising a new hashing algorithm, H 2 , to 
yield the extended certificate : 

C 2 = F 2 (H 2 (Ci,D!» ) = F 2 {H 2 (H 1 (R 1 ) ,D X ) ) . 

25 The final represented step, 29, in which it is established that 
the new certificate, C 2 , was created during the valid term of 
original certificate, C lf i.e., -prior to any compromise of the. 
original certification function, may be effected along with 
step 27, for example in the course of applying an earlier- 

3 0 described time- stamping procedures, to generate certificate, 
C 2 . Alternatively, the effective time of the new certificate, 
C 2 , may be established simply by publication, e.g., in a widely- 
distributed newspaper, either alone or as incorporated into a 
derivative representation similar to the "authentication tree" 

3 5 ' noted by D . E . R . Denning in Cryptography and Data Security, 
pp. 170-171, Addison-Wesley (1982). 
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In the ultimate utilization of this new certificate, C 2 , 
to .prove the original document, V lf by recomputing certificate, 
C 2 , from its elements, such proof will fail unless original 
document, D x , rather than a bogus document, D x , is an included 
5 element. Even though a collision due to compromised function, 
H lt may exist at the time of using certificate, C 2 , in a proof, 
the as yet invulnerable state of hash function, H 2 , ensures 
against any collision with the expanded statement, i.e., one 
comprising document element,- V lt which is used to generate that 

10 new certificate. During a normal proofing process, the original 
certificate, C^, will also be recomputed using the document in 
question. Unless the document then employed to recompute 
original certificate, C x , matches precisely the document 
similarly employed, with new certificate, C 2 , the proof will not 

15 be realized. A false document, D x , therefore can not be 

substituted surreptitiously for an original document as long as 
the applied hash function, H 2 , remains uncompromised, since for 
any document, D x , which one could feasibly compute: 



20 



H^C^Di) * H 2 (Ci,D x ) 



When advancements in computation portend a compromise 
situation, yet a different time-stamp function, e.g., one 
utilizing algorithm, H 3 , with longer life expectancy may be 
employed in the same procedure to again extend the involved 
25 certificate. 

As an 'example of the implementation of the present 
invention, one might consider first an initial certificate 
prepared in the manner described in our earlier U. S. Patent No. 
30 5,136,646 employing the one-way hash algorithm specified by 

. R. L. Rivest in "The MD4 Message Digest Algorithm", Advances In 
Cryptology - Crypto '90, Lecture Notes in Computer Science, 
Vol. 537 (ed. A. J. Menezes et al . ) , pp. 303-311, Springer- • 
Verlag (Berlin, 1991) . In that earlier example, elements of the 

35 
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receipt, R lf identifying the quotation "document" appeared as: 

1328, 194628GMT06MAR91, 634, 
ee2ef 3ea60ef 10cb621c4fb3 f 8dc34c7 

5 and with additional data representing a prior transaction 

formed the basic statement to which the function comprising MD4 
hash algorithm, H 1/ was applied to yield the unique cipher: 

46f7d75f 0fbea95e96fc38472aa28cal ' 
10 which is held by the author as a time-stamp certificate, C 2 . 

In the event of an anticipated compromise of the MD4 hash 
function algorithm, the procedure of this invention would be 
initiated utilizing a different time-stamping certification 
15 function comprising, for example, a new algorithm, H 2 / such as, 
the MD5 hashing function described by Rives t and Dusse, "The MD5 
Message Digest Algorithm", Network Working Group, Internet 
Draft, RSA Data Security, Inc. (July 1991); RFC 1321, Internet 
Activities" Board (April 1992). 

20 

As an initial step in this procedure, the document 
representation, D 1/ to be proven at a later time is combined 
with, original certificate, C 1# either in original digital form 
or, preferably, as the convenient, condensed output of hash 
25 function, H 2 , viz.: 

.D9776652kDAj2 .M5191CAD7 
thus forming the. combination statement, (C^Djl), as: 

30 46f7d75'f0fbea95e96fc38472aa28cal, 

.D977 6 652kDAj2 .M5191CAD7 . 

Applying to this statement hashing algorithm, H 2 , comprising the 
new function, F 2 , produces: • 

35 656h//PDDM60M9/qDDt85F5 6 

which in a time-stamping procedure, for instance, may be 
transmitted to an outside agency for the inclusion of current 
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time data and authenticating cryptographic signature to yield 
extended certificate, C 2 . As earlier noted, the effective date 
of a new certificate, C 2 , may otherwise be established, such as 
in other time-stamping schemes or by public display or 
5 notoriety. 

A variation on the foregoing embodiment provides an even 
more reliable practice in that it substantially eliminates the 
uncertainties associated with estimating the onset of a 
10 certification function compromise. This is accomplished by 

using a plurality of different cryptographic functions, e.g., F a 
and F b , to derive a compound original certificate, C a : 

C a = F a (D ; ) # F b (Di) 

15 which will remain valid even after the confirmed compromise of 
one of those function due to the likely continued viability of 
the other. Thus a period of security continues during which one 
may select a new certification function, F c , to be employed in 
the extension of certificate, C„ as: 

20 

Cp = F b (C a ,D!) .FctCa^i) . 

Subsequent compromise of any current cryptographic function can 
be remedied in like manner. 

25 It is anticipated that other variants will become 

apparent to the skilled artisan in the light of the foregoing 
disclosure, and such embodiments are likewise considered to be 
encompassed within the scope of the invention defined by the 
appended claims . 

30 



35 
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What is claimed is: 

1 1. A method of extending the validity of a first 

2 cryptographic certificate derived by applying a first 

3 cryptographic function to a digital document, which method 

4 * comprises : 

5 a) combining a digital representation of said document 

6 with a 'digital representation of said certificate; and 

7 - b) applying to the resulting combination during the valid 

8 term of said first certificate a different cryptographic 

9 function to thereby generate a second certificate attesting to 
LO the then current validity of said first certificate. 

1 2. A method according to claim 1 wherein said first function 

2 . is a cryptographic signature scheme. 

1 3. A method according to claim 2 wherein said different 

2 function- is a time-stamping procedure. 

1 4. A method according to claim 3 wherein said different 

2 function comprises a one-way hashing algorithm. 

1 5. A method according to claim 1 wherein said first function 

2 is a time-stamping procedure. 

1 6. A method according to claim 5 wherein said first function 

2 comprises a one-way hashing- algorithm. 

1 7. A method according to claim 5 wherein said different 

2 function is a time-stamping procedure. 
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1 8. A method according to claim 7 wherein said first function 

2 comprises a first one-way hashing algorithm and said different 

3 function comprises a different one-way hashing algorithm. 

1 9. A method according to claim 1 wherein said different 

2 function .is a time-stamping procedure. 

1 10. A method of certifying a digital representation of a 

2 document which comprises : 

3 a) generating a first certificate by applying to said 

4 digital representation at least a first cryptographic function;' 

5 b) combining - said first certificate with said digital - 

6 representation; and 

7 c) generating a second certificate by applying to said 

8 combination at least one cryptographic' function which is 

9 different from said first function. 

1 11. A method according to claim 10 wherein said first 

2 function is a cryptographic signature scheme. 

1 12. A method according to claim 11 wherein said different 

2 . function is a time-stamping procedure. 

1 13. A method according to claim 12 wherein said different 

2 function comprises a one-way hashing algorithm. 

1 14. A method according to claim 10 wherein said first 

2 function is a time-stamping procedure. 
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1 15. A method according to claim 14 wherein said first 

2 function comprises a one-way hashing algorithm. 

1 16. A method according to claim 14 wherein said different 

2 function is a time-stamping procedure. 

1 17. A method according to claim 16 wherein said first 

2 function comprises a first one-way hashing algorithm and said 

3 different function comprises a different one-way hashing 

4 algorithm. 

1 18. A method according to claim 10 wherein: 

2 a) said first certificate is generated by applying to 

3 said digital representation at least first and second different 

4 cryptographic functions ; and 

5 b) said second certificate is generated by applying to 

6 said combination at least one cryptographic function which is 

7 different from said first and second functions. 

1 19- A certificate authenticating a digital representation of 

2 a document, said certificate consisting of a second certificate 

3 generated according to the method of claim 10. 

1 20. A certificate according to claim 19 wherein: 

2 a) said first certificate is generated by applying to 

3 said digital representation at least first and second different 
cryptographic functions; and 

b) said second certificate is generated by applying to 
said combination' at least one cryptographic function which is 
different from said first and second functions. 
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certification. Also, the initial seed for the 
pseudorandom generator may be based upon a function of 
time or previously receipted documents, as well as of the 
document. As an alternative, an organizational designee 
5 might serve as a resident "outside" agency who would 
maintain a catenate certificate record of organization 
documents by means of the present procedure and on a 
regular basis would transmit the then current catenate 
certificate to a TSA. In this manner the sequence of an 
10 organization's business records would be established both 
within the organization and externally through the TSA. 

Also, the implementation of process embodiments 
might readily be automated in simple computer programs 
which would directly carry out the various steps of 
15 hashing, transmitting, and concatenating original document 
representations, applying current time stamps, generating 
and recording catenate certificate values, and providing 
receipt certificates. 



THE DRAWING 

20 The present invention will be described with 

reference to the accompanying drawing of which: 

FIG. 1 is a flow diagram of a" general process of 
time-stamping a document according to the invention; 

FIG. 2 is a flow diagram of a specific embodiment 
25 of the process; 



FIG. 3 is a flow diagram of another specific 
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What is claimed is: 



1 l. A method for the secure time-stamping of a digital 

2 document cv-tw^cv- 

3 characterized in that — 

4 a) a digital representation of said document is 

5 transmitted from an originator to an outside agency; 

6 b) said outside agency creates a receipt comprising 

7 a digital representation of then current time and at least 

8 a portion of a digital representation of said digital 

9 document; and 

10 c) said receipt is certified at said outside agency 

11 by means of a verifiable digital cryptographic signature 

12 scheme. 



12. A method according to claim 1 

2 characterized in that 

3 said receipted digital document representation comprises 

4 at least a portion of the digital representation of the 

5 number derived by application of a deterministic function 

6 algorithm to said digital document. 



13. A method according to claim 2 

2 characterized in that 

3 said digital number representation is derived from the 

4 application of a one-way hashing algorithm to said digital 

5 document. 
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14. A method according to claim 1 

2 characterized in that 

3 said receipt further comprises the time representation and 

4 digital document representation specific to at least one 

5 other digital document receipted by said outside agency. 



15. A method according to claim 1 . 

2 characterized in that 

3 said outside agency is selected at random from a 

4 predetermined universe by means of a pseudorandom 

5 generator seeded with at least a portion of the digital 

6 representation of the number derived from the application 

7 of a deterministic function algorithm to said digital 

8 document. 

1 6. A method according to claim 5 

2 characterized in that 

3 said pseudorandom generation seed is derived from the 

4 application of a one-way hashing algorithm to said digital 

5 document. 

17. A method according to claim 5 

2 characterized in that 

3 said method further comprises the like preparation of a 

4 time-stamp certificate by at least one additional outside 

5 agency selected by said pseudorandom generation. 



18. A method according to claim 7 

2 characterized in that 

3 said method further comprises the like preparation of a 

4 time-stamp certificate by at least one additional outside 
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5 agency selected by said pseudorandom generation and 

. 6 wherein the input for each additional outside agency 

7 selection is at least a portion of the digital 

8 representation of the output derived from the application 

9 of said one-way hashing algorithm to a digital 

10 representation of the previously generated output. 



19. A method of certifying the temporal sequence of 

2 digital documents in a series 

3 characterized in that 

4 said method comprises: 

5 aj generating a digital representation of a 

6 specified one of the documents in said series; and 

7 b) generating a catenate certificate value 

8 representation for said specified document by applying a 

9 deterministic function algorithm to a concatenation 

10 comprising said specified document representation and the 

11 catenate certificate value representation for the document 

12 next prior in said series to said specified document* 



1 10. A method according to claim 9 

2 characterized in that 

3 said method further comprises repeating said recited steps 

4 with each subsequent document in said series. 



1 11. A method according to claim 10 

2 characterized in that 

3 each said document representation is generated by applying 

4 a deterministic function algorithm to said document. 
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1 12. A method of time -stamping a digital document which 

2 comprises transmitting a digital representation of said 

3 document to an outside agency, creating at said outside 

4 agency a receipt comprising a digital representation of 

5 then current time and at least a portion of a digital 

6 representation of said digital document, and certifying 

7 said receipt at said outside agency 



8 characterized , in that 

9 the certifying of said receipt comprises: 

10 a) concatenating a digital representation of said 

11 receipt with a representation of a prior catenate 

12 certificate value to form.a composite; and 

13 b) generating a catenate certificate value for said 



14 receipt by applying a deterministic function algorithm to 

15 said composite, f\ 

113. A method of time-stamping a digital document 

2 according to claim 12 

3 characterized in that 

4 said outside agency maintains a record comprising the 

5 catenate certificate values of prior time-stamping 

6 transactions. 

1 14. A method of time-stamping a digital document 

2 according to claim 12 

3 characterized in that 

4 said receipted digital document representation comprises 

5 at least a portion of the digital representation of the 

6 value derived by application of a deterministic function 

7 algorithm to said digital document. 
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1 15. A method of time-stamping a digital document 

2 according to claim 14 

3 characterized in that 

4 said digital value representation is derived from the 

5 application of a one-way hashing algorithm to said digital 

6 document . 
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